npm - @hardlydifficult/http - Versions diffs - 1.0.0 - Mend

@hardlydifficult/http 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/http.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { IncomingMessage, ServerResponse } from "http";
+export declare const MAX_BODY_BYTES: number;
+/** Read the full request body as a string, rejecting if it exceeds maxBytes. */
+export declare function readBody(req: IncomingMessage, maxBytes?: number): Promise<string>;
+/** Send a JSON response */
+export declare function sendJson(res: ServerResponse, status: number, body: unknown, corsOrigin: string): void;
+//# sourceMappingURL=http.d.ts.map

package/dist/http.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAE5D,eAAO,MAAM,cAAc,QAAc,CAAC;AAE1C,gFAAgF;AAChF,wBAAgB,QAAQ,CACtB,GAAG,EAAE,eAAe,EACpB,QAAQ,SAAiB,GACxB,OAAO,CAAC,MAAM,CAAC,CAwCjB;AAED,2BAA2B;AAC3B,wBAAgB,QAAQ,CACtB,GAAG,EAAE,cAAc,EACnB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,OAAO,EACb,UAAU,EAAE,MAAM,GACjB,IAAI,CAQN"}

package/dist/http.js ADDED Viewed

@@ -0,0 +1,57 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MAX_BODY_BYTES = void 0;
+exports.readBody = readBody;
+exports.sendJson = sendJson;
+exports.MAX_BODY_BYTES = 1024 * 1024; // 1 MB
+/** Read the full request body as a string, rejecting if it exceeds maxBytes. */
+function readBody(req, maxBytes = exports.MAX_BODY_BYTES) {
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        let totalBytes = 0;
+        let done = false;
+        const onError = (err) => {
+            if (!done) {
+                done = true;
+                reject(err);
+            }
+        };
+        req.on("data", (chunk) => {
+            if (done) {
+                return;
+            }
+            totalBytes += chunk.length;
+            if (totalBytes > maxBytes) {
+                done = true;
+                // Replace error handler with a no-op before destroying to prevent
+                // the destroy-induced error event from becoming an uncaught exception.
+                req.removeListener("error", onError);
+                req.on("error", () => {
+                    // swallow errors after rejection
+                });
+                req.destroy();
+                reject(new Error("Payload too large"));
+                return;
+            }
+            chunks.push(chunk);
+        });
+        req.on("end", () => {
+            if (!done) {
+                done = true;
+                resolve(Buffer.concat(chunks).toString());
+            }
+        });
+        req.on("error", onError);
+    });
+}
+/** Send a JSON response */
+function sendJson(res, status, body, corsOrigin) {
+    res.writeHead(status, {
+        "Content-Type": "application/json",
+        "Access-Control-Allow-Origin": corsOrigin,
+        "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+        "Access-Control-Allow-Headers": "Content-Type, Authorization",
+    });
+    res.end(JSON.stringify(body));
+}
+//# sourceMappingURL=http.js.map

package/dist/http.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"http.js","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":";;;AAKA,4BA2CC;AAGD,4BAaC;AA9DY,QAAA,cAAc,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO;AAElD,gFAAgF;AAChF,SAAgB,QAAQ,CACtB,GAAoB,EACpB,QAAQ,GAAG,sBAAc;IAEzB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,UAAU,GAAG,CAAC,CAAC;QACnB,IAAI,IAAI,GAAG,KAAK,CAAC;QAEjB,MAAM,OAAO,GAAG,CAAC,GAAU,EAAE,EAAE;YAC7B,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,IAAI,GAAG,IAAI,CAAC;gBACZ,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;QACH,CAAC,CAAC;QAEF,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC/B,IAAI,IAAI,EAAE,CAAC;gBACT,OAAO;YACT,CAAC;YACD,UAAU,IAAI,KAAK,CAAC,MAAM,CAAC;YAC3B,IAAI,UAAU,GAAG,QAAQ,EAAE,CAAC;gBAC1B,IAAI,GAAG,IAAI,CAAC;gBACZ,kEAAkE;gBAClE,uEAAuE;gBACvE,GAAG,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBACrC,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;oBACnB,iCAAiC;gBACnC,CAAC,CAAC,CAAC;gBACH,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC;gBACvC,OAAO;YACT,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACjB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,IAAI,GAAG,IAAI,CAAC;gBACZ,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,2BAA2B;AAC3B,SAAgB,QAAQ,CACtB,GAAmB,EACnB,MAAc,EACd,IAAa,EACb,UAAkB;IAElB,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE;QACpB,cAAc,EAAE,kBAAkB;QAClC,6BAA6B,EAAE,UAAU;QACzC,8BAA8B,EAAE,iCAAiC;QACjE,8BAA8B,EAAE,6BAA6B;KAC9D,CAAC,CAAC;IACH,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AAChC,CAAC"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export { safeCompare } from "./safeCompare.js";
+export { readBody, sendJson, MAX_BODY_BYTES } from "./http.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MAX_BODY_BYTES = exports.sendJson = exports.readBody = exports.safeCompare = void 0;
+var safeCompare_js_1 = require("./safeCompare.js");
+Object.defineProperty(exports, "safeCompare", { enumerable: true, get: function () { return safeCompare_js_1.safeCompare; } });
+var http_js_1 = require("./http.js");
+Object.defineProperty(exports, "readBody", { enumerable: true, get: function () { return http_js_1.readBody; } });
+Object.defineProperty(exports, "sendJson", { enumerable: true, get: function () { return http_js_1.sendJson; } });
+Object.defineProperty(exports, "MAX_BODY_BYTES", { enumerable: true, get: function () { return http_js_1.MAX_BODY_BYTES; } });
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,mDAA+C;AAAtC,6GAAA,WAAW,OAAA;AACpB,qCAA+D;AAAtD,mGAAA,QAAQ,OAAA;AAAE,mGAAA,QAAQ,OAAA;AAAE,yGAAA,cAAc,OAAA"}

package/dist/safeCompare.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Constant-time string comparison to prevent timing attacks.
+ *
+ * Uses crypto.timingSafeEqual under the hood. Handles different-length
+ * strings safely by comparing against a same-length dummy first (so the
+ * comparison always runs in time proportional to `a.length`).
+ */
+export declare function safeCompare(a: string, b: string): boolean;
+//# sourceMappingURL=safeCompare.d.ts.map

package/dist/safeCompare.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"safeCompare.d.ts","sourceRoot":"","sources":["../src/safeCompare.ts"],"names":[],"mappings":"AAEA;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAYzD"}

package/dist/safeCompare.js ADDED Viewed

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.safeCompare = safeCompare;
+const crypto_1 = require("crypto");
+/**
+ * Constant-time string comparison to prevent timing attacks.
+ *
+ * Uses crypto.timingSafeEqual under the hood. Handles different-length
+ * strings safely by comparing against a same-length dummy first (so the
+ * comparison always runs in time proportional to `a.length`).
+ */
+function safeCompare(a, b) {
+    const bufA = Buffer.from(a);
+    const bufB = Buffer.from(b);
+    if (bufA.length !== bufB.length) {
+        // Compare bufA against itself so the timing is consistent,
+        // then return false.
+        (0, crypto_1.timingSafeEqual)(bufA, bufA);
+        return false;
+    }
+    return (0, crypto_1.timingSafeEqual)(bufA, bufB);
+}
+//# sourceMappingURL=safeCompare.js.map

package/dist/safeCompare.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"safeCompare.js","sourceRoot":"","sources":["../src/safeCompare.ts"],"names":[],"mappings":";;AASA,kCAYC;AArBD,mCAAyC;AAEzC;;;;;;GAMG;AACH,SAAgB,WAAW,CAAC,CAAS,EAAE,CAAS;IAC9C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAE5B,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;QAChC,2DAA2D;QAC3D,qBAAqB;QACrB,IAAA,wBAAe,EAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC5B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAA,wBAAe,EAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AACrC,CAAC"}

package/package.json ADDED Viewed

@@ -0,0 +1,25 @@
+{
+  "name": "@hardlydifficult/http",
+  "version": "1.0.0",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "lint": "tsc --noEmit",
+    "clean": "rm -rf dist"
+  },
+  "devDependencies": {
+    "@types/node": "25.2.3",
+    "typescript": "5.9.3",
+    "vitest": "4.0.18"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}